
Thread: directory listing from URL string

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    4

    directory listing from URL string

    Is it possible for an attacker to list the contents of the directory they are in by entering something into the URL?

    For example, an attacker is doing recon and is in:

    http://www.foobar.com/foo1/foo2/foo3

    foo3 is a directory where they are currently looking at an HTML page. Can they enter or append anything to that URL string to list the contents of the directory?

    Thanks,

    CIADS

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    What OS?

  3. #3
    Junior Member
    Join Date
    Oct 2001
    Posts
    4
    The OS is Red Hat Linux / Apache.
    ciads

  4. #4
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    If foo2 is the parent directory, how about deleting foo3 and hitting the Enter key?
    That has worked for me in the past.
    I wouldn't think that appending information to the URL would lead to the parent directory.
    That is my $.02 worth.

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    Yes, this is possible. If you pass a query string to a URL that runs a CGI script, it is possible to run commands such as a directory listing (or much worse) on the remote machine. That's why when you write CGI programs, you can't trust user input. You have to validate everything. And it doesn't matter what operating system you're running. You are still vulnerable to this type of exploit.
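The kind of CGI flaw described in the post above, shown as an added example (not code from the original thread or from any real site). It assumes a hypothetical CGI handler that serves `?file=NAME` from a document root; the document root, its two files and the query strings are constructed here so the script runs offline. The naive version pastes the parameter into a shell command, so `?file=index.html%3B%20ls` makes the server list the directory the script runs in; the hardened version allowlists the name, pins the resolved path under the document root and never spawns a shell.

```python
import os
import re
import subprocess
import tempfile
from urllib.parse import parse_qs

# Constructed document root (a stand-in for the "foo3" directory) with two files,
# created in a temp dir so the example never touches a real web root.
DOCROOT = os.path.realpath(tempfile.mkdtemp(prefix="foo3-"))
for _name, _body in (("index.html", "<h1>foo3</h1>"), ("secret.txt", "internal notes")):
    with open(os.path.join(DOCROOT, _name), "w") as _fh:
        _fh.write(_body)

# Allowlist for a plain file name: no slashes, no whitespace, no shell
# metacharacters, no leading dot (so "..", ".htaccess" are refused too).
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def vulnerable_cgi(query_string):
    """Naive CGI handler: the ?file= value is pasted into a shell command line.

    Like many CGI scripts it runs with the document directory as its cwd, so an
    injected "; ls" lists exactly the directory the attacker is browsing.
    """
    name = parse_qs(query_string).get("file", [""])[0]
    cmd = "cat %s/%s" % (DOCROOT, name)          # untrusted input reaches /bin/sh
    result = subprocess.run(cmd, shell=True, cwd=DOCROOT,
                            capture_output=True, text=True)
    return result.stdout


def hardened_cgi(query_string):
    """Same feature: validate the name, pin the path under DOCROOT, no shell at all."""
    name = parse_qs(query_string).get("file", [""])[0]
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected file name: %r" % name)
    path = os.path.realpath(os.path.join(DOCROOT, name))
    # Second line of defence: even if the allowlist is loosened later, the
    # resolved path must still sit inside the document root.
    if os.path.commonpath([path, DOCROOT]) != DOCROOT:
        raise ValueError("path escapes document root")
    with open(path) as fh:
        return fh.read()


def is_rejected(query_string):
    """True if the hardened handler refuses the request instead of serving it."""
    try:
        hardened_cgi(query_string)
    except (ValueError, FileNotFoundError):
        return True
    return False


if __name__ == "__main__":
    print("benign request   :", repr(vulnerable_cgi("file=index.html")))
    print("injected request :", repr(vulnerable_cgi("file=index.html%3B%20ls")))
    print("hardened, injected rejected:", is_rejected("file=index.html%3B%20ls"))
    print("hardened, traversal rejected:", is_rejected("file=..%2F..%2Fetc%2Fpasswd"))
```

The point of the `cwd=DOCROOT` line is that the attacker does not need to know the filesystem path: the injected `ls` runs wherever the script runs. The hardened handler fails closed on anything outside the allowlist rather than trying to strip "bad" characters.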

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    4
    bucket -

    That won't work in this case, because it would just take someone to the default page for foo2. I want to know if someone could list all the files in foo3.

    Thanks,

    CIADS

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Hey Ciads:
    Twice, using that method, I seem to have activated applets and unleashed an attack by JS.Exception.Exploit.

    Those pornmasters are tricky.

  8. #8
    Junior Member
    Join Date
    Oct 2001
    Posts
    4
    bucket -

    Agreed, it can yield results, but in this case I know that can't work, because I made the dir structure. So I am wondering if, in this case, where each dir has a separate set of web pages, each with their own index page etc., someone can list all the files and dirs contained in foo3?
    Thanks for your replies.

    CIADS

  9. #9
    Banned
    Join Date
    Oct 2001
    Posts
    1,459
    You could try adding /?C=M&O=A to the end of your URL, for example http://www.oops.net/foo1/foo2/foo3/?C=M&O=A .... It might work...
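What the `?C=M&O=A` suffix actually does, as an added note and example (not from the original thread): on Apache it is the sort-column/order query string that mod_autoindex puts in the column headers of a listing it generates itself. It only reorders a listing the server was already willing to produce, which requires `Options Indexes` for that directory and no `DirectoryIndex` file (such as `index.html`) present; with an index page in every directory, as the original poster describes, it reveals nothing. The check a practitioner would run is to request the directory with a trailing slash and see whether the response looks like an autoindex page, and the fix on the server side is `Options -Indexes`. The script below builds the probe URLs for a given page and recognises an autoindex body; the two HTML bodies are constructed samples, not captured from any real host, and the URL is the one from the thread.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of what an Apache mod_autoindex listing looks like.
AUTOINDEX_BODY = """<html><head><title>Index of /foo1/foo2/foo3</title></head>
<body><h1>Index of /foo1/foo2/foo3</h1>
<pre><a href="?C=N;O=D">Name</a>  <a href="?C=M;O=A">Last modified</a>  <a href="?C=S;O=A">Size</a>
<hr><a href="/foo1/foo2/">Parent Directory</a>
<a href="index-old.html">index-old.html</a>  2001-10-14 09:12  1.2K
<a href="backup.tar.gz">backup.tar.gz</a>    2001-10-13 22:41  410K
<hr></pre></body></html>"""

# Constructed sample of an ordinary index page served for the same directory.
NORMAL_BODY = ("<html><head><title>foo3</title></head>"
               "<body><h1>Welcome to foo3</h1><a href=\"/foo1/\">Home</a></body></html>")

TITLE_RE = re.compile(r"<title>\s*Index of /", re.I)
SORT_LINK_RE = re.compile(r'href="\?C=[NMSD][;&]O=[AD]"', re.I)
HREF_RE = re.compile(r'<a href="([^"]+)">', re.I)


def probe_urls(page_url):
    """URLs to request when checking whether a directory listing is exposed.

    The first is the bare directory (trailing slash added); the second adds the
    sort parameters from the post above, which changes nothing unless a listing
    is already being generated.
    """
    parts = urlsplit(page_url)
    path = parts.path if parts.path.endswith("/") else parts.path + "/"
    base = urlunsplit((parts.scheme, parts.netloc, path, "", ""))
    return [base, base + "?C=M&O=A"]


def is_autoindex(body):
    """True if the response body has the shape of an Apache autoindex page."""
    if not TITLE_RE.search(body):
        return False
    return "Parent Directory" in body or SORT_LINK_RE.search(body) is not None


def listed_entries(body):
    """File and subdirectory names exposed by an autoindex page ([] otherwise).

    Skips the sort-header links (?C=...), the parent-directory link and any
    absolute link, leaving only the relative entries Apache emits per file.
    """
    if not is_autoindex(body):
        return []
    entries = []
    for href in HREF_RE.findall(body):
        if href.startswith("?") or href.startswith("/") or href == "../":
            continue
        entries.append(href)
    return entries


if __name__ == "__main__":
    for url in probe_urls("http://www.foobar.com/foo1/foo2/foo3"):
        print("probe:", url)
    for label, body in (("autoindex sample", AUTOINDEX_BODY), ("index page sample", NORMAL_BODY)):
        print(label, "-> listing exposed:", is_autoindex(body), listed_entries(body))
```

Plugging a real HTTP fetch into `probe_urls` is straightforward; the detector is deliberately pattern-based rather than keyed on a single string, because the title, the "Parent Directory" link and the sort-header links are all part of the default autoindex layout and a positive should require more than one of them.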
